[Secure-testing-commits] r50577 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Apr 11 19:23:15 UTC 2017
Author: jmm
Date: 2017-04-11 19:23:15 +0000 (Tue, 11 Apr 2017)
New Revision: 50577
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-11 18:31:45 UTC (rev 50576)
+++ data/CVE/list 2017-04-11 19:23:15 UTC (rev 50577)
@@ -39,13 +39,13 @@
CVE-2017-7626
RESERVED
CVE-2017-7625 (In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the ...)
- TODO: check
+ NOT-FOR-US: Fiyo CMS
CVE-2017-7624 (The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ...)
- TODO: check
+ NOT-FOR-US: ImageWorsener
CVE-2017-7623 (The iwmiffr_convert_row32 function in imagew-miff.c in ...)
- TODO: check
+ NOT-FOR-US: ImageWorsener
CVE-2017-7622 (dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 ...)
- TODO: check
+ NOT-FOR-US: dde-daemon
CVE-2017-7621
RESERVED
CVE-2017-7620
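Review bot: The tag for CVE-2017-7622 uses only the bare component name, "NOT-FOR-US: dde-daemon", although the description on the line above identifies the project as DDE (Deepin Desktop Environment). Suggest "NOT-FOR-US: Deepin dde-daemon" so that a later search of the list for Deepin finds this entry when the triage decision needs revisiting. The two ImageWorsener tags are consistent with each other and fine as written.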
@@ -57,9 +57,9 @@
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 (4.11-rc6)
CVE-2016-10323 (Synology Photo Station before 6.3-2958 allows local users to gain ...)
- TODO: check
+ NOT-FOR-US: Synology Photo Station
CVE-2016-10322 (Synology Photo Station before 6.3-2958 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: Synology Photo Station
CVE-2017-7615
RESERVED
CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
@@ -783,11 +783,11 @@
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.14)
CVE-2017-7345 (NetApp OnCommand Performance Manager and OnCommand Unified Manager for ...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2016-10311 (Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-10310 (Buffer overflow in the MobiLink Synchronization Server component in ...)
- TODO: check
+ NOT-FOR-US: MobiLink Synchronization Server
CVE-2017-7344
RESERVED
CVE-2017-7343
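Review bot: The three tags in this hunk mix naming levels. CVE-2017-7345 and CVE-2016-10311 are tagged by vendor ("NetApp", "SAP"), while CVE-2016-10310 is tagged by component ("MobiLink Synchronization Server") with no vendor. Pick one convention within the commit. Vendor plus product is the more useful form, since it keeps related entries greppable together and still says which product was triaged.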
@@ -908,7 +908,7 @@
CVE-2016-10305 (Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= ...)
NOT-FOR-US: Trango
CVE-2016-10304 (The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2017-7308 (The packet_set_ring function in net/packet/af_packet.c in the Linux ...)
- linux 4.9.18-1
NOTE: Fixed by: https://git.kernel.org/linus/2b6867c2ce76c596676bec7d2d525af525fdc6e2
@@ -1478,7 +1478,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/bf33f87dd04c371ea33feb821b60d63d754e3124 (4.11-rc5)
NOTE: Introduced by: https://git.kernel.org/linus/65c26a0f39695ba01d9693754f27ca76cc8a3ab5 (3.17-rc1)
CVE-2017-7185 (Use-after-free vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Mongoose
CVE-2017-7183 (The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers ...)
NOT-FOR-US: ExtraPuTTY
CVE-2017-7182
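Review bot: The description of CVE-2017-7185 is truncated to "Use-after-free vulnerability in the ...", so the new tag "NOT-FOR-US: Mongoose" is the only record of which software was triaged. "Mongoose" on its own is ambiguous because more than one project uses that name. Suggest qualifying the tag with the vendor or the kind of software, so a reader can confirm the NOT-FOR-US decision without looking the CVE up again.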
@@ -4143,7 +4143,7 @@
CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to ...)
NOT-FOR-US: APNGDis
CVE-2017-6190 (Directory traversal vulnerability in the web interface on the D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2017-6189 (Untrusted search path vulnerability in Amazon Kindle for PC before ...)
NOT-FOR-US: Amazon Kindle
CVE-2017-6187 (Buffer overflow in the built-in web server in DiskSavvy Enterprise ...)
@@ -4612,7 +4612,7 @@
CVE-2017-5989
RESERVED
CVE-2017-5988 (NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is ...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2017-5987 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
- qemu 1:2.8+dfsg-3 (bug #855159)
[jessie] - qemu <no-dsa> (Minor issue)
@@ -4636,7 +4636,7 @@
CVE-2017-5984
RESERVED
CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before ...)
- TODO: check
+ NOT-FOR-US: JIRA Workflow Designer Plugin
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
- kodi <unfixed> (bug #855225)
- xbmc <undetermined>
@@ -5809,7 +5809,7 @@
CVE-2017-5609 (SQL injection vulnerability in include/functions_entries.inc.php in ...)
- serendipity <removed>
CVE-2017-5607 (Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2017-5606 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
NOT-FOR-US: Xabber
CVE-2017-5605 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
@@ -29375,7 +29375,7 @@
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Impala
CVE-2016-6604 (NULL pointer dereference in Samsung Exynos fimg2d driver for Android ...)
NOT-FOR-US: Samsung
CVE-2016-7513 [off-by-one error leading to segfault]
@@ -29773,7 +29773,7 @@
CVE-2016-6535 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have ...)
NOT-FOR-US: AVer
CVE-2016-6534 (Opmantek NMIS before 4.3.7c has command injection via man, finger, ...)
- TODO: check
+ NOT-FOR-US: Opmantek NMIS
CVE-2016-6533
RESERVED
CVE-2016-6532 (DEXIS Imaging Suite 10 has a hardcoded password for the sa account, ...)
@@ -32663,7 +32663,7 @@
CVE-2016-5683 (ReadyDesk 9.1 allows local users to determine cleartext SQL Server ...)
NOT-FOR-US: ReadyDesk
CVE-2016-5682 (Swagger-UI before 2.2.1 has XSS via the Default field in the ...)
- TODO: check
+ NOT-FOR-US: Swagger-UI
CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 ...)
NOT-FOR-US: D-Link
CVE-2016-5680 (Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 ...)
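Review bot: For CVE-2016-5682, "NOT-FOR-US: Swagger-UI" records only that Swagger-UI is not tracked as a package of its own. The description shows it is a web UI component with an XSS in the Default field, and front-end code of this kind is often shipped as a bundled copy inside other packages. Suggest confirming that no package in the archive embeds a Swagger-UI before 2.2.1, and adding a NOTE line saying that embedded copies were checked, so the NOT-FOR-US state is not read as covering them by default.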
@@ -32749,7 +32749,7 @@
CVE-2016-5643
RESERVED
CVE-2016-5642 (Opmantek NMIS before 8.5.12G has XSS via SNMP. ...)
- TODO: check
+ NOT-FOR-US: Opmantek NMIS
CVE-2016-5641
RESERVED
CVE-2016-5640 (Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron ...)